[squid-users] Dstdomain from external ACL
Amos Jeffries
squid3 at treenet.co.nz
Sat Jul 22 07:12:23 UTC 2023
On 22/07/23 17:20, Alexeyяр Gruzdov wrote:
> Wow…
> Thank you so much !
>
> For now I used a simple .py script that checks if url is in table and
> send reply OK or ERR, depends from result.
>
> But allow ask you - how squid parse the url???
> I think it uses the regexp, is that true???
All parsers in the 'squid' binary perform full parse with validation.
>
> Because for example if I add the url to DB like example.com
> ( base url name)
> And if the proxy request will be even like to example.com/page1/
> - this will be matched. That’s great.
>
Oh, there are many moving parts involved there.
First is the HTTP request URL that Squid received, it could be any of
origin-form, authority-form, or relative-url.
(... probably you configured Squid to only send the URL domain name to
the helper.)
Second is what details you configured the external_acl_type directive to
pass on.
Third is how the helper receives its input. The helper I suggested uses
Perl string split to separate the concurrency channel-ID from the UID
portion and pack("H*",...) for binary safety.
Fourth is how the helper is using its input to lookup the database.
The helper I suggested uses SQL "=" operator, whose matching is
string-wise exact equality.
As far as I know only the Perl string split is potentially using regex,
but not in any way which would case the behaviour you describe.
If you are still using your own custom helper, look into how it is doing
those third and fourth things.
HTH
Amos
More information about the squid-users
mailing list